December 3, 2007 8:14 AM PST

Apple QuickTime exploit in the wild

Symantec has found active exploit code in the wild for an unpatched Apple QuickTime vulnerability.

Researcher Joji Hamada wrote in Symantec's Security Response Weblog on Saturday that the company had seen an active exploit for the vulnerability in Apple's media-streaming program that could lead to users downloading Trojan software.

Hamada said the exploit code was found on a compromised porn site that redirects users to a site hosting malicious software called "Downloader." Downloader is a Trojan that causes compromised machines to download other malicious software from the Internet. Symantec rates Downloader as "very low" risk.

No patch is currently available for the vulnerability, which affects QuickTime version 7.x and stems from a boundary error in the way QuickTime processes Real Time Streaming Protocol (RTSP) replies.

Symantec is advising concerned IT professionals to run Web browsers at the highest security settings possible, disable Apple QuickTime as a registered RTSP protocol handler, and filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.
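An added example, not from Symantec or the original article: one way to check whether the recommended egress filter is in place is to scan firewall logs for internal-to-external flows on the RTSP ports named above. The log format, the sample lines and the choice of RFC 1918 ranges as "internal" are assumptions made for illustration.

```python
import ipaddress

# Ports from Symantec's advice: TCP 554 and UDP 6970-6999.
RTSP_PORTS = {"tcp": range(554, 555), "udp": range(6970, 7000)}
# Assumption: the RFC 1918 ranges are the internal network.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2007-12-03T09:01:12 action=allow proto=tcp src=10.1.4.22 spt=49152 dst=203.0.113.7 dpt=554
2007-12-03T09:01:13 action=allow proto=udp src=10.1.4.22 spt=50000 dst=203.0.113.7 dpt=6972
2007-12-03T09:02:40 action=allow proto=tcp src=10.1.9.5 spt=49200 dst=198.51.100.20 dpt=443
2007-12-03T09:03:02 action=deny proto=tcp src=10.1.7.80 spt=49300 dst=203.0.113.7 dpt=554
2007-12-03T09:04:15 action=allow proto=tcp src=10.1.4.30 spt=49400 dst=10.1.0.9 dpt=554
2007-12-03T09:05:00 action=allow proto=udp src=10.1.4.22 spt=50002 dst=203.0.113.7 dpt=7000
malformed line without fields
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL)

def outbound_rtsp(log_text):
    """Return (action, src, dst, proto, port) for internal-to-external
    flows whose destination port is one of the RTSP ports above."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(t.split("=", 1) for t in line.split() if "=" in t)
        try:
            proto, port = fields["proto"].lower(), int(fields["dpt"])
            src, dst = fields["src"], fields["dst"]
            outbound = is_internal(src) and not is_internal(dst)
        except (KeyError, ValueError):
            continue  # skip lines that do not parse
        if outbound and port in RTSP_PORTS.get(proto, ()):
            hits.append((fields.get("action", "unknown"), src, dst, proto, port))
    return hits

def still_allowed(hits):
    """Flows the firewall passed: the egress filter is missing or incomplete."""
    return [h for h in hits if h[0] == "allow"]

if __name__ == "__main__":
    for hit in still_allowed(outbound_rtsp(SAMPLE_LOG)):
        print("egress filter gap:", *hit)
```

Denied flows are kept in the first result because they show which hosts are still attempting RTSP connections even when the filter works.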

Proof-of-concept code was published when the vulnerability was disclosed by security research company Secunia last week.

Tom Espiner of ZDNet UK reported from London.


10 comments

I love it...
If you are an IT professional, wouldn't it make sense to block out all
porn sites in the first place. Employees shouldn't be getting their
jollies at work. Sounds like a good way to get yourself fired if
you're the employee that came across it.
Posted by jelloburn (252 comments )
MPACK! Remember that...Apple Hurry Up!
It is a kit of malware code to insert malicious code into a legitimate website.
All one of your users has to do is click on an infected ad on a legitimate site and it launches an iframe to that site.
Bingo we have a winner!
Fortunately for now at least Symantec is indicating that they have signatures for the payloads being sent out of this site but how long before more sites with different zero day payloads show up?
Posted by fred dunn (793 comments )
Still no patch from Apple, amazing
First of all, RTSP is the standard protocol for realtime (streaming)
media delivery. Quicktime, Real and even MS Windows Media
Player use those ports.

It is amazing that Apple didn't come up with a hotfix yet.
Quicktime installations hard earned over years will be zeroed once
again. In fact, it affects iTunes too.
Posted by Ilgaz (573 comments )
Good thing we don't allow any streaming
When we asked management which optional protocols we should
allow on our network, they couldn't come up with a single business
reason for allowing streaming media, so we blocked it.

But based on firewall logs, the largest group of employees that still
try to watch streaming media on any day is management.

Go figure. :)
Posted by rcrusoe (1305 comments )
No patch. Not even a statement on it!
I understand not being able to get a hotfix out yet. There's a lot of testing that must be done.

But seriously, how about a statement from Apple confirming they are investigating the issue or have a target date for releasing a fix.

I just got QT 7.3 packaged for deployment and I've been holding for a few days on it to see if I'm going to have to do 7.3.1 right behind it.

This is one area where Apple would do well to follow Microsoft's lead and issue an alert even if it's not accompanied by the fix.
Posted by pctec100 (105 comments )
Gotta go to a porn site, THEN download an app...
...IS there a patch to keep getting stupid people from doing stupid stuff?
Posted by M C (598 comments )
Can't fix stupid!
That's why we have the Darwin awards! :)
Posted by J_Satch (571 comments )
Can't fix stupid . . . ?
You mean like someone suggesting Apple should follow MS's lead
on security issues?

ROFLMAO!!!! :-D
Posted by K.P.C. (227 comments )